In <[🔎] 20090602133233.GA7026@blitz.hooton>, Douglas A. Tutty wrote: >I would argue that another bug is that its not statically >linked but Debian doesn't seem to worry about having basic stuff static >and refer people to a live CD for system rescue. That because static linking is a security and modularity nightmare. e.g. if there is a security issue bug in glibc, everything statically linked has to be rebuilt *after* the buildds are upgraded to a glibc that no longer has the issue. Either that, or a combination of that and auditing each statically linked program to determine if they use glibc in an vulnerable manner. Plus, if the security issue was found in Sid, but didn't affect the glibc in Squeeze you'd still have to include the Squeeze packages in the audit since they were built against the glibc from Sid. Plus, static linking wastes both disk space and memory (and, as a result, CPU cycles aka time aka money) compared to real-world use of shared objects. So, while I agree that it would be really nice to be able to recover from a broken dynamic linker from within a running Debian system; static linking (selected) files in /bin is not a solution I'm willing to accept, mostly. We do have busybox-static which provides a statically-linked version of a lot of utilities -- enough to recover from most situations with enough effort. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.